| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Josh Berkus <josh(at)agliodbs(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken |
| Date: | 2013-04-29 17:25:47 |
| Message-ID: | 5399.1367256347@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Josh Berkus <josh(at)agliodbs(dot)com> writes:
> On 04/29/2013 09:59 AM, Tom Lane wrote:
>> As I pointed out to you last night, it does already say that.
>> I think the problem here is that we're just throwing a generic
>> permissions failure rather than identifying the particular permission
>> needed.
> Yeah, a better error message would help a lot. My first thought was
> "WTF? I'm the superuser, whaddya mean, 'permission denied'"?
Right. I wonder if there's any good reason why we shouldn't extend
aclerror() to, in all cases, add a DETAIL line along the lines of
ERROR: permission denied for schema web
DETAIL: This operation requires role X to have privilege Y.
Is there any scenario where this'd be exposing too much info?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fabien COELHO | 2013-04-29 17:45:18 | Re: [PATCH] add --throttle option to pgbench |
| Previous Message | Josh Berkus | 2013-04-29 17:04:11 | Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken |